From ff166093741df0bd91ba24e02714ef882073c51b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Thu, 11 May 2017 21:12:37 +0300 Subject: MDEV-12674 Innodb_row_lock_current_waits has overflow There is a race condition related to the variable srv_stats.n_lock_wait_current_count, which is only incremented and decremented by the function lock_wait_suspend_thread(), The incrementing is protected by lock_sys->wait_mutex, but the decrementing does not appear to be protected by anything. This mismatch could allow the counter to be corrupted when a transactional InnoDB table or record lock wait is terminating roughly at the same time with the start of a wait on a (possibly different) lock. ib_counter_t: Remove some unused methods. Prevent instantiation for N=1. Add an inc() method that takes a slot index as a parameter. single_indexer_t: Remove. simple_counter: A new counter wrapper. Optionally use atomic memory operations for modifying the counter. Aligned to the cache line size. lsn_ctr_1_t, ulint_ctr_1_t, int64_ctr_1_t: Define as simple_counter. These counters are either only incremented (and we do not care about losing some increment operations), or the increment/decrement operations are protected by some mutex. srv_stats_t::os_log_pending_writes: Document that the number is protected by log_sys->mutex. srv_stats_t::n_lock_wait_current_count: Use simple_counter, that is, atomic inc() and dec() operations. lock_wait_suspend_thread(): Release the mutexes before incrementing the counters. Avoid acquiring the lock mutex if the lock wait has already been resolved. Atomically increment and decrement srv_stats.n_lock_wait_current_count. row_insert_for_mysql(), row_update_for_mysql(), row_update_cascade_for_mysql(): Use the inc() method with the trx->id as the slot index. This is a non-functional change, just using inc() instead of add(1). buf_LRU_get_free_block(): Replace the method add(index, n) with inc(). There is no slot index in the simple_counter. --- storage/xtradb/include/srv0srv.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'storage/xtradb/include/srv0srv.h') diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index 0923c9a88d7..1ca8e6de591 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -3,7 +3,7 @@ Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2008, 2009, Google Inc. Copyright (c) 2009, Percona Inc. -Copyright (c) 2013, 2017, MariaDB Corporation Ab. All Rights Reserved. +Copyright (c) 2013, 2017, MariaDB Corporation. Portions of this file contain modifications contributed and copyrighted by Google, Inc. Those modifications are gratefully acknowledged and are described @@ -55,11 +55,10 @@ Created 10/10/1995 Heikki Tuuri /* Global counters used inside InnoDB. */ struct srv_stats_t { - typedef ib_counter_t lsn_ctr_1_t; - typedef ib_counter_t ulint_ctr_1_t; - typedef ib_counter_t lint_ctr_1_t; typedef ib_counter_t ulint_ctr_64_t; - typedef ib_counter_t ib_int64_ctr_1_t; + typedef simple_counter lsn_ctr_1_t; + typedef simple_counter ulint_ctr_1_t; + typedef simple_counter ib_int64_ctr_1_t; /** Count the amount of data written in total (in bytes) */ ulint_ctr_1_t data_written; @@ -73,8 +72,9 @@ struct srv_stats_t { /** Amount of data written to the log files in bytes */ lsn_ctr_1_t os_log_written; - /** Number of writes being done to the log files */ - lint_ctr_1_t os_log_pending_writes; + /** Number of writes being done to the log files. + Protected by log_sys->write_mutex. */ + ulint_ctr_1_t os_log_pending_writes; /** We increase this counter, when we don't have enough space in the log buffer and have to flush it */ @@ -113,7 +113,7 @@ struct srv_stats_t { ulint_ctr_1_t n_lock_wait_count; /** Number of threads currently waiting on database locks */ - lint_ctr_1_t n_lock_wait_current_count; + simple_counter n_lock_wait_current_count; /** Number of rows read. */ ulint_ctr_64_t n_rows_read; -- cgit v1.2.1